I'm getting the same error described in this post:
Microsoft Social Login Approval Required Popup but the context is i'm signing into graph explorer as "user1@mydomain.onmicrosoft.com" and I'm trying to create a specific subscription that needs User.Read.All and Group.Read.All. When i try to assign myself these permissions via Graph Explorer's consent button, I get the prompt that says I need permission and to specify a reason why i'm asking. Id like to get rid of this prompt.
my user consent settings look like this:
The two users allowed to review access requests are the only 2 users in this test tenant. Including the one I'm using to sign into graph.
Ideally, I would like to configure my tenant so that all users have user.read.all and group.read.all.
I've tried to check Entra->Applications->Graph->Permissions. I've tried to add User.Read.All and Group.Read.All there but i still can't create subscrpition that I need. Any tips would be appreciated.
Edit 1
In myparticular case, in order to get it working, I had to allow users to request access to the specific app.
Allow users to request access to this application?
Yes
Require approval before granting access to this application
No
And when I sign in as Global Admin into Explorer, I don't get the prompt to consent for all users.
'
But your suggestion to allow users to request access is what tipped me off so I'm going to accept the solution.
I have below option selected under User consent settings in my tenant:
In Admin consent settings, I enabled below option with Sri
as reviewer to admin consent requests:
When I logged in to Graph Explorer with local user account and tried to consent User.Read.All
permission, I too got "Approval required screen" as below:
To approve above consent request, sign in with reviewer account having Global Admin role and approve pending request like this:
When I tried to consent User.Read.All
permission with local user account now, it worked and I'm able to list users successfully like this:
GET https://graph.microsoft.com/v1.0/users
Response:
If you want to get rid of "Approval required" screen while consenting permissions, disable below option by setting it to 'No':
To configure your tenant so that all users have User.Read.All
and Group.Read.All
permission, login to Graph Explorer with local user having Global Administrator role and make sure to consent permissions by checkmarking "Consent on behalf of your organization" option that won't ask normal users to consent again: